1. layers

Layer                    Name of Data Unit                        Example
------------------------ ---------------------------------------- -----------------------------
Layer 7 (Application)    Data (message)                           HTTP request, DNS query
Layer 6 (Presentation)   Data (message)                           (often combined with Layer 7)
Layer 5 (Session)        Data (message)                           (often combined with Layer 7)
Layer 4 (Transport)      Segment (TCP) or Datagram (UDP)          TCP segment, UDP datagram
Layer 3 (Network)        Packet                                   IP packet
Layer 2 (Data Link)      Frame                                    Ethernet frame
Layer 1 (Physical)       Bits (bit stream)                        0s and 1s on the wire

In the network layers, the upper layer's whole data unit becomes the payload of the lower layer. But the upper layer's data is usually larger than the lower layer's data unit size, so it has to be split. Example:

1.1. Layer 4 TCP segment

TCP splits application data into segments sized to fit the path's MTU, using MSS (Maximum Segment Size) negotiation during the TCP handshake. This ensures each TCP segment fits within an IP packet under normal conditions.

Application data (large) is split into multiple TCP segments according to the MSS (Maximum Segment Size, e.g., 1460 bytes).

Each TCP segment is independent and complete. It has its own TCP header (20 bytes minimum), its own TCP sequence number indicating the byte offset in the stream, and a portion of the application data payload. This ensures each segment can be acknowledged and retransmitted independently.

UDP does not segment; instead it passes datagrams to IP directly.

1.2. Layer 3 fragmentation

One TCP segment or UDP datagram can be fragmented into multiple IP packets. Multiple IP packets may be used to send the TCP header and data payload.

IP fragments from the same TCP segment (or UDP datagram) will have most of the same IP header.
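The two splitting steps above, as an added example (not part of the original notes). It assumes an Ethernet MTU of 1500 bytes and 20-byte IP and TCP headers without options; the function names and the identification value are made up for illustration.

```python
# Added example. Assumed constants: Ethernet MTU, headers without options.
MTU = 1500
IP_HDR = 20
TCP_HDR = 20
UDP_HDR = 8
MSS = MTU - IP_HDR - TCP_HDR  # 1460, the MSS value used in section 1.1


def tcp_segments(data: bytes, isn: int = 0, mss: int = MSS):
    """Layer 4: split application data into (sequence_number, payload) pairs.

    The sequence number is the byte offset of the payload in the stream,
    counted from the initial sequence number `isn`.
    """
    return [(isn + off, data[off:off + mss]) for off in range(0, len(data), mss)]


def ip_fragments(l4_len: int, mtu: int = MTU, ident: int = 0x1234):
    """Layer 3: fragment one L4 unit (L4 header + data) of l4_len bytes.

    Every fragment carries the same identification value; only the offset
    (counted in 8-byte units), the length and the More Fragments flag differ.
    """
    max_data = (mtu - IP_HDR) // 8 * 8  # non-final fragments: multiple of 8
    frags, off = [], 0
    while off < l4_len:
        size = min(max_data, l4_len - off)
        frags.append({"id": ident, "offset": off // 8, "len": size,
                      "mf": off + size < l4_len})
        off += size
    return frags


if __name__ == "__main__":
    for seq, payload in tcp_segments(b"x" * 4000):
        # An MSS-sized segment fits in one IP packet: exactly one fragment.
        print("TCP seq", seq, "len", len(payload),
              "->", len(ip_fragments(TCP_HDR + len(payload))), "IP packet")
    # UDP hands the whole 4000-byte datagram to IP, which must fragment it.
    for frag in ip_fragments(UDP_HDR + 4000):
        print("UDP fragment", frag)
```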

2. Layer 2

host1 <–> switches <–> host2

2.1. MAC learning (SRC MAC address -> ports)

MAC learning builds a MAC address to port mapping that tells which port can be used to reach a given destination MAC address within the same subnet. MAC learning is mainly used by switches, and it is based on the source MAC address of incoming frames: every time a frame enters a port of a switch, the switch records that source MAC address X is reachable via port Y. This is stored in the MAC (CAM) table:

MAC address (learned from source MAC) -> Port

Destination MAC is used for forwarding, not learning.

2.1.1. what if the CAM table does not have the mapping for dest MAC?

Flood the frame on all ports. The switch may then learn the MAC from the reply and use it for forwarding next time.

2.1.2. MAC flapping (the switch keeps updating a MAC table entry because frames with the same source MAC arrive on different ports)

Causes:

  1. Layer 2 loop
  2. Misconfiguration: duplicate MAC on different ports
  3. LACP not properly negotiated between switches ??
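A small simulation of section 2.1 (learning from the source MAC, flooding on an unknown destination, and noticing flapping), added here as an example and not taken from any switch implementation. The class name, the flap threshold of 3 moves and the 10-second window are assumptions chosen for illustration.

```python
# Added example: a toy learning switch with MAC-flap detection.
from collections import defaultdict, deque


class LearningSwitch:
    def __init__(self, ports, flap_threshold=3, window=10.0):
        self.ports = set(ports)
        self.cam = {}                    # source MAC -> port (the CAM table)
        self.moves = defaultdict(deque)  # MAC -> timestamps of port changes
        self.flap_threshold = flap_threshold  # assumed: moves per window
        self.window = window                  # assumed: seconds
        self.flapping = set()

    def receive(self, in_port, src_mac, dst_mac, now):
        """Learn from the source MAC, then return the set of egress ports."""
        old = self.cam.get(src_mac)
        if old is not None and old != in_port:
            # Same source MAC seen on a different port: record the move.
            q = self.moves[src_mac]
            q.append(now)
            while q and now - q[0] > self.window:
                q.popleft()
            if len(q) >= self.flap_threshold:
                self.flapping.add(src_mac)
        self.cam[src_mac] = in_port
        # The destination MAC is only used for forwarding, never for learning.
        out = self.cam.get(dst_mac)
        if out is None:
            # Unknown destination: flood (real switches skip the ingress port).
            return self.ports - {in_port}
        return {out} if out != in_port else set()


def demo():
    """Constructed traffic: host A on port 1, host B on port 2."""
    sw = LearningSwitch(ports=[1, 2, 3])
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"
    first = sw.receive(1, a, b, 0.0)   # B unknown, so the frame is flooded
    reply = sw.receive(2, b, a, 0.1)   # A was learned from the first frame
    again = sw.receive(1, a, b, 0.2)   # B was learned from the reply
    for i, port in enumerate([3, 1, 3]):  # A's MAC now bounces between ports
        sw.receive(port, a, b, 1.0 + i)
    return first, reply, again, sorted(sw.flapping)


if __name__ == "__main__":
    print(demo())
```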

2.2. ARP (IP -> DEST MAC address)

ARP is needed when a Layer 3 (IP) packet needs to be sent over Layer 2. The scenario: given the destination IP in the Layer 3 packet, how do we fill in the destination MAC address in the Layer 2 frame?

2.2.1. when ARP is used

There are 2 main use cases:

  1. An end host needs to find the MAC for an IP on the same subnet
  2. An L3 switch / router needs to forward IP packets and must resolve the next-hop MAC

A pure Layer 2 switch never looks at the IP header; it just forwards based on the destination MAC and MAC learning.

ARP happens before the IP packet is sent on the wire.

In the above two cases, if ARP cannot be resolved on the host or on the Layer 3 router / switch, it cannot build the Ethernet frame and the packet cannot be sent out.

2.2.2. how is ARP learned

When A wants to know the destination MAC associated with an IP (simply, which device has the IP), A sends an ARP packet (ASRCIP + ASRCMAC + Target IP), usually as a broadcast. Assume D has the target IP and the ARP request goes through A -> B -> C -> D. Then B, C and D will first learn the mapping (ASRCIP : ASRCMAC).

D will reply with (DSRCIP, DSRCMAC, ASRCIP (Target IP), ASRCMAC (Target MAC)), which is unicast to A. A and the devices in between will learn the mapping (DSRCIP, DSRCMAC).

In the ARP packet, a specific field called the Operation (Opcode) field indicates whether the ARP packet is a request or a reply.
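The request/reply exchange above with real ARP byte layout (28-byte Ethernet/IPv4 ARP body, opcode 1 = request, 2 = reply), as an added example that is not part of the original notes. The addresses are constructed sample values and the function names are made up for illustration.

```python
# Added example: build and parse Ethernet/IPv4 ARP bodies, then replay A <-> D.
import socket
import struct

# htype, ptype, hlen, plen, opcode, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"
REQUEST, REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(pkt: bytes) -> dict:
    if len(pkt) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": op,
            "sender_mac": sha.hex(":"), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": tha.hex(":"), "target_ip": socket.inet_ntoa(tpa)}


def exchange():
    """A asks who has D's IP; D answers. Sample addresses are constructed."""
    a_ip, a_mac = "192.0.2.10", "02:00:00:00:00:0a"
    d_ip, d_mac = "192.0.2.40", "02:00:00:00:00:0d"
    cache_a, cache_d = {}, {}
    # Request: the target MAC is unknown, so that field is all zeros.
    req = parse_arp(build_arp(REQUEST, a_mac, a_ip, "00:00:00:00:00:00", d_ip))
    cache_d[req["sender_ip"]] = req["sender_mac"]  # D learns A from the request
    rep = None
    if req["op"] == REQUEST and req["target_ip"] == d_ip:
        # Reply: D is the sender; A's IP and MAC go in the target fields.
        rep = parse_arp(build_arp(REPLY, d_mac, d_ip,
                                  req["sender_mac"], req["sender_ip"]))
        cache_a[rep["sender_ip"]] = rep["sender_mac"]  # A learns D
    return req, rep, cache_a, cache_d


if __name__ == "__main__":
    for item in exchange():
        print(item)
```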

3. Layer 3 (Network IP)

3.1. IP address

The IPv4 standard defines the IP address as 32 bits. The old style classifies IP addresses into 5 classes: A, B, C, D, E, but this wastes IP addresses. Nowadays, classless IP addressing is used.

3.1.1. Classful IP Addressing

The first 4 bits of the IP address are used to divide IP addresses into 5 different classes.

3.1.1.1. class A

0 | Network (7 bits) | Host (24 bits)

So there are 2 ^ 7 = 128 network IDs under class A, and 2 ^ 24 - 2 = 16,777,214 host IDs per network (-2: one for the network address 0.0.0, another for the broadcast address 256.256.256).

Range (here we are talking about the first octet, i.e. the first 8 bits): 0 ~ 127. So every time you see an IP whose first octet is 0 ~ 127, it's a class A address.

3.1.1.2. class B

1 0 | Network (14 bits) | Host (16 bits)

Range: 128 ~ 191

3.1.1.3. class C

1 1 0 | Network (21 bits) | Host (8 bits)

Range: 192 ~ 223

3.1.1.4. class D

1 1 1 0 | Host (28 bits)

Range: 224 ~ 239. Reserved for multicast.

3.1.1.5. class E

1 1 1 1 | Host (28 bits)

Range: 240 ~ 255. Reserved for experimental or research use.

3.1.2. Classless IP Addressing

The issue with classful IP addressing is that a single network ID, such as one in class A, has a huge number of host IDs. This leads to waste (for example, a company that gets a class A network ID will not use its hosts efficiently).

To solve this issue, subnetting is introduced to divide a classful network into smaller networks. The following is an example of how a Class A IP is subnetted:

10.0.1.0/24
It's a Class A IP, so the first 8 bits are used for the network. But with the subnet mask, the first 24 bits are used as the network ID.
So this class A network is divided into 2 ^ (24 - 8) = 2 ^ 16 subnets, and each subnet has 2 ^ (32 - 24) = 2 ^ 8 hosts.

In this way, one class A network ID can be divided into different subnets with fewer hosts each, which can then be given to smaller companies.
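The class bit patterns from section 3.1.1 and the 10.0.1.0/24 arithmetic above, checked with Python's standard `ipaddress` module. This is an added example, not part of the original notes; the function names and the table layout are made up for illustration.

```python
# Added example: classify by leading bits, then work through a subnet.
import ipaddress

# (class, number of leading bits, bit pattern, classful network prefix length)
CLASSES = [
    ("A", 1, 0b0, 8),
    ("B", 2, 0b10, 16),
    ("C", 3, 0b110, 24),
    ("D", 4, 0b1110, None),  # multicast: no network/host split
    ("E", 4, 0b1111, None),  # experimental: no network/host split
]


def classful(ip: str):
    """Return (class, classful prefix length) from the first octet's top bits."""
    first_octet = ipaddress.IPv4Address(ip).packed[0]
    for name, nbits, pattern, prefix in CLASSES:
        if first_octet >> (8 - nbits) == pattern:
            return name, prefix


def subnet_summary(cidr: str) -> dict:
    """Relate a classless subnet to the classful network it was carved from."""
    net = ipaddress.ip_network(cidr, strict=True)
    cls, classful_prefix = classful(str(net.network_address))
    if classful_prefix is None or net.prefixlen < classful_prefix:
        raise ValueError(f"{cidr} is not a subnet of a class A/B/C network")
    return {
        "class": cls,
        "classful_parent": str(net.supernet(new_prefix=classful_prefix)),
        # 2 ^ (subnet prefix - classful prefix) subnets of this size
        "subnets_in_parent": 2 ** (net.prefixlen - classful_prefix),
        # 2 ^ (32 - subnet prefix) addresses, two of which are reserved
        "addresses_per_subnet": net.num_addresses,
        "usable_hosts": net.num_addresses - 2,
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
    }


if __name__ == "__main__":
    for ip in ("10.0.1.0", "172.16.0.1", "192.168.1.1", "224.0.0.5", "240.0.0.1"):
        print(ip, classful(ip))
    print(subnet_summary("10.0.1.0/24"))
```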